In 2022, the Cyber Threat Intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center (MS-ISAC) witnessed cyber threat actors (CTAs) step up their attack attempts against U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. The MS-ISAC’s Malicious Domain Blocking and Reporting (MDBR) service registered 908 billion DNS requests for SLTTs over the course of the year, for instance. Of that activity, the service blocked 7.8 billion requests.
SLTTs and private hospitals need a way to strengthen their defenses against a very active cyber threat. That’s why we at the Center for Internet Security (CIS) have released Malicious Domain Blocking and Reporting Plus (MDBR+).
BETTER VISUALIZE POTENTIAL THREATS ON YOUR NETWORK
Made available by CIS and industry leader Akamai to SLTTs and private hospitals, MDBR+ is a quick-to-configure and easy-to-deploy cloud-based secure DNS service. It proactively identifies and blocks network traffic from your organization to known malicious websites.
Once you point your organization’s domain name system (DNS) requests to the Akamai’s DNS server IP addresses, MDBR+ compares every DNS lookup against a list of known and suspected malicious domains. The service blocks and logs attempts to access known malicious domains such as those associated with malware, phishing, and ransomware, among other threats, thereby increasing your organization’s web security.
Akamai provides all logged data, including both successful and blocked DNS requests, to the CIS 24x7x365 Security Operations Center (SOC). SOC analysts use this data to perform detailed analysis and reporting for the betterment of the SLTT community and for reporting that’s specific to your organization.
CIS then provides reporting of log information for all blocked requests, among other data. CIS will also assist in remediation if needed.
WEB SECURITY WITH A PERSONAL TOUCH
In addition to keeping your SLTT organization or private hospital safe against common threats, MDBR+ comes with six features that makes staying secure even easier.
- Flexibility of Access
MDBR+ offers security teams full access to a cloud-based management portal. This enables your teams to manage your configurations from any time and anywhere.
- A Real-Time View of Suspicious Network Activity
MDBR+ gives you access to real-time reports on blocked activity for every user on your network. This type of activity includes the machines that are sending requests and which machines might be repeat offenders. Using this information, you can take action by updating your security policies and adjusting your training to help employees who might benefit from additional security awareness training.
- Prioritization for Business Requirements
With MDBR+, you’ll have the ability to build custom configurations, including acceptable use policies (AUPs) and allow/deny lists. This ensures that you can use MDBR+ in a way that supports your unique security needs. As these requirements evolve, so too can your custom configurations.
- Reduced Time Chasing Down False Positives
The SOC analysts at CIS reduce false positive security alerts, enabling your teams to spend more time on things that matter to your organization. What’s more, MDBR+ helps your team administer security policies and updates from any location in a matter of seconds to all locations and devices. This enhances your ability to roll out global changes, ensuring that every device remains safe as your technology continues to change.
- Off-Network Protection
MDBR+ offers your organization a secure DNS service even for your off-network devices. Your teams can use this feature to safeguard remote workforces, ensuring that devices are protected before they connect back to your network.
- Easy Maintenance
The service is easy to implement and requires virtually no maintenance. CIS and Akamai fully maintain the systems required to provide the service.
NOW’S THE TIME TO KEEP YOUR ORGANIZATION SAFE
The purpose of MDBR+ is to strengthen your web security and keep you safe from known malicious domains using processes and policies that work for you. Register now to see what changes tailored threat protection brings to your business.